/* eslint-disable @typescript-eslint/no-explicit-any */
/*
 *  Copyright 2021 Collate
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *  http://www.apache.org/licenses/LICENSE-2.0
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

 /**
 * User/Bot SSOAuthN.
 */
export interface SsoAuth {
    /**
     * The authentication configuration used by the SSO
     */
    authConfig?: SsoClientConfig;
    /**
     * Type of database service such as Amundsen, Atlas...
     */
    ssoServiceType?: SsoServiceType;
}

/**
 * The authentication configuration used by the SSO
 *
 * Google SSO Configuration
 *
 * Google SSO客户端安全配置
 *
 * Okta SSO Configuration
 *
 * Okta SSO客户端安全配置
 *
 * Auth0 SSO Configuration
 *
 * Auth0单点登录客户端安全配置
 *
 * Azure SSO Configuration
 *
 * Azure SSO客户端安全配置，用于连接到OpenMetadata
 *
 * Custom OIDC SSO Configuration
 *
 * 自定义OIDC单点登录客户端安全配置
 *
 * SAML SSO Configuration
 *
 * SAML SSO客户端安全配置
 */
export interface SsoClientConfig {
    /**
     * Google SSO受众URL
     */
    audience?: string;
    /**
     * Google SSO客户端秘钥路径或内容
     *
     * Auth0客户端密钥
     *
     * 自定义OIDC客户端密钥
     */
    secretKey?: string;
    /**
     * Okta客户端ID
     *
     * Auth0客户端ID
     *
     * Azure客户端ID
     *
     * 自定义OIDC客户端ID
     */
    clientId?: string;
    /**
     * Okta服务账号电子邮件
     */
    email?: string;
    /**
     * Okta组织URL
     */
    orgURL?: string;
    /**
     * Okta私钥
     */
    privateKey?: string;
    /**
     * Okta客户端范围
     *
     * Azure客户端ID
     */
    scopes?: string[];
    /**
     * Auth0域
     */
    domain?: string;
    /**
     * Azure SSO授权方
     */
    authority?: string;
    /**
     * Azure SSO客户端秘钥
     */
    clientSecret?: string;
    /**
     * 自定义OIDC令牌端点
     */
    tokenEndpoint?: string;
    /**
     * Get logs from the Library in debug mode
     */
    debugMode?: boolean;
    idp?:       Idp;
    security?:  Security;
    sp?:        SP;
}

/**
 * 此模式定义身份提供商配置
 */
export interface Idp {
    /**
     * 用于重定向用户至登录页的授权URL
     */
    authorityUrl?: string;
    /**
     * 身份提供商实体ID，通常与SSO登录URL相同
     */
    entityId: string;
    /**
     * X509证书
     */
    idpX509Certificate?: string;
    /**
     * 用于重定向用户至登录页的授权URL
     */
    nameId?: string;
    /**
     * SSO登录URL
     */
    ssoLoginUrl: string;
}

/**
 * 此模式定义SAML的安全配置
 */
export interface Security {
    /**
     * 密钥库别名
     */
    keyStoreAlias?: string;
    /**
     * 密钥库文件路径
     */
    keyStoreFilePath?: string;
    /**
     * 密钥库密码
     */
    keyStorePassword?: string;
    /**
     * 在从SP发送请求时加密Name Id
     */
    sendEncryptedNameId?: boolean;
    /**
     * 发送认证请求时签署Authn Request
     */
    sendSignedAuthRequest?: boolean;
    /**
     * 希望签署此SP的元数据
     */
    signSpMetadata?: boolean;
    /**
     * 仅在设置相关标志的情况下接受有效签名和加密的断言
     */
    strictMode?: boolean;
    /**
     * 从SAML响应创建的JWT令牌的有效期
     */
    tokenValidity?: number;
    /**
     * SP要求加密接收到的断言
     */
    wantAssertionEncrypted?: boolean;
    /**
     * SP要求签署接收到的断言
     */
    wantAssertionsSigned?: boolean;
    /**
     * SP要求签署接收到的消息
     */
    wantMessagesSigned?: boolean;
    /**
     * SP要求加密接收到的Name Id
     */
    wantNameIdEncrypted?: boolean;
}

/**
 * 此模式定义服务提供商配置
 */
export interface SP {
    /**
     * 断言使用者URL
     */
    acs: string;
    /**
     * 服务提供商实体ID，通常与SSO登录URL相同
     */
    callback: string;
    /**
     * 服务提供商实体ID
     */
    entityId: string;
    /**
     * 用于签名和加密的Sp私钥
     */
    spPrivateKey?: string;
    /**
     * X509证书
     */
    spX509Certificate?: string;
}

/**
 * Type of database service such as Amundsen, Atlas...
 */
export enum SsoServiceType {
    Auth0 = "auth0",
    Azure = "azure",
    CustomOidc = "custom-oidc",
    Google = "google",
    Okta = "okta",
}
